Your Synology security must be the first thing on your mind, especially when you are using Synology NAS as a web server. WordPress is the basis for building a website, and hosting it from home with Synology has never been easier than this. There are websites on the web, like “Sucuri“, that offer free website scans. They can reveal your current Server header in HTTP responses. I honestly don’t like being spied on and I don’t like these sites revealing my HTTP Server header. Privacy is extremely important (with this in mind, also see my previous article on How to Hide PHP Version on Synology NAS). Fortunately, there is a simple way to hide your HTTP server header on Synology. Follow the step by step guide below.
Go to Control Panel / Network / DSM Settings / Uncheck Enable the “Server” header in HTTP responses / Apply.
Now when you do a new scan with “Sucuri“, you should notice that your site’s HTTP Server header is no longer shown, whatever online software or website you may use. Below you can see a before and after screenshot.
Always remember to Force a Re-scan on the Sucuri page to clear the cache when you scan your website again.
There’s also another option if you don’t want your server name being revealed. In the screenshot below, below “Enable the ‘Server’ header in HTTP responses”, there’s an option called “Custom ‘Server’ header” followed by a box where normally your server name is. You can type in any word you like (example: a nickname, a number, a meaningless word), then check the “Enable the ‘Server’ header in HTTP responses” and the word you chose to type in will be displayed instead of your server name. As you can see in the screenshot below, I typed in Marius. Follow the instructions in the image below.
If we force a Re-scan with Sucuri, our word of choice (Marius, in my case) will appear instead of the standard server name nginx.
This post was updated on Friday / December 27th, 2019 at 8:10 AM